REMARKS/ARGUMENTS 



In the Office Action mailed October 17, 2008, claims 1-20 were rejected. In 

response, Applicants hereby request reconsideration of the application in view of the 
amendments and the below-provided remarks. No claims are added. Claims 2 and 19 are 
canceled. 

For reference, claims 1, 3-5, 7, 8, 1 1-13, 15-18, and 20 are amended to change 
"header request" to "request header" to correct a typographical error. Claims 1, 3-5, 7, 8, 
1 1-13, 15-18, and 20 are amended to correct issues with antecedent basis. Claim 15 is 
amended to recite "a server machine configured to receive the request header" and to 
indicate that the authentication component is to operate on the server machine. This 
amendment is suppoited by the original specification at least at the first full paragraph on 
page 6 of the original specification. Claim 1 is amended to recite that the request header 
is generated "at a client computer" and that the client authentication information is 
inserted into the request header "at the client computer by a client browser, without 
violating HTTP protocol." This amendment is supported at least by original language of 
claims 2 and 5, and at the first full paragraph of page 6 of the original specification. 
Claims 8, 12, 15, 16, and 20 contain amendments similar to the amendments described 
above in relation to claim 1. Claim 10 is amended to remove the limitation that the 
communication protocol is the HTTP protocol, which is now a limitation of the 
independent claim upon which the claim depends. Claim 14 contains a similar 
amendment to the amendment in claim 10. 

Objections to the Claims 

The Office Action objects to claims 1-20 for informalities. In particular, claims 
1-20 are objected to for referring to a "header request." Claims 1, 3-5, 7, 8, 11-13, 15-18, 
and 20 are amended to change "header request" to "request header." Applicants submit 
that correction of this typographical error addresses the objection for referring to a 
"header request" and request that the objection to the claims be withdrawn. 

Additionally, claim 1 was rejected for reciting inserting client authentication 
information into a request header "independently of the authentication process used by 
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said server." The Office Action suggests that this limitation "does not make sense." 
Applicants respectfully disagree. 

Claim 1 recites "insertion of client authentication information into a request 
header. ..independently of an authentication process used by a server" and "receiving 
information from said server if authentication has been successful" (emphasis added). 
The Office Action states that these limitations purportedly indicate that "authentication is 
performed on the server without any additional information being sent, so it appears as 
though the authentication information must be used in an authentication process of the 
server" (emphasis added). Applicants submit that since the claim recites that information 
is received if authentication is successful, it is entirely reasonable that the insertion of 
authentication inforaiation can be independent of any authentication process in place on 
the server. Furthermore, Applicants submit that the assertion in the Office Action that 
authentication information must be used in an authentication process is incorrect. For 
these reasons. Applicants request that the objection to claim 1 be withdrawn. 

Claim Rejections under 35 U.S.C. 101 

Claims 15-19 were rejected under 35 U.S.C. 101 as being directed to non- 
statutory subject matter. In particular, the Office action states that claims 15-19 could be 
purely software. 

Applicants submit that claims 15 and 16 are amended to recite statutory material, 
claims 17 and 18 depend on claim 16, and claim 19 is canceled. Claim 15 is amended to 
recite "a server machine configured to receive the request header" and to indicate that the 
authentication component is to operate on the server machine. This amendment is 
supported by the original specification at least at the first full paragraph on page 6 of the 
original specification. Claim 16 is amended to recite that the browser operates "on a 
client computer." This amendment is supported by the original specification at least at 
the first full paragraph on page 6 of the original specification. In light of the amendments 
described above. Applicants respectfully request that the rejections of claims 15-18 under 
35 U.S.C. 101 be withdrawn. 
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Claim Rejections under 35 U.S.C. 112 

Claims 1, 4, 5, 8, 11-17, 19, and 20 were rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which Applicants regard as the invention. In particular, these claims were 
rejected for antecedent basis issues. Applicants submit that claims 1, 4, 5, 8, 1 1-17, and 
20 are amended to correct the antecedent basis issues, and claim 19 is canceled. 
Consequently, Applicants request that the rejection of claims 1, 4, 5, 8, 11-17, and 20 
under 35 U.S.C. 1 12 be withdrawn. 

Claim Rejections under 35 U.S.C. 103 

Claims 1-5, 8, 9, 1 1-17, and 20 were rejected under 35 U.S.C. 103(a) as being 
unpatentable over Maurin et al. (U.S. Pat. Pub. No. 2002/0133700, hereinafter Maurin) in 
view of Buch et al. (U.S. Pat. Pub. No. 2003/0217165, hereinafter Buch). Additionally, 
claims 6, 7, and 18 were rejected under 35 U.S.C. 103(a) as being unpatentable over 
Maurin in view of Buch, further in view of Bishop et al. (U.S. Pat. No. 7,343,351, 
hereinafter Bishop). Additionally, claims 10 and 19 were rejected under 35 U.S.C. 
103(a) as being unpatentable over Maurin in view of Buch, further in view of Rhodes 
(U.S. Pat. Pub. No. 2002/0049902, hereinafter Rhodes). However, Applicants 
respectfully submit that these claims are patentable over Maurin, Buch, Bishop, and 
Rhodes for the reasons provided below. 

Independent Claim 1 

1. The cited references do not teach all of the liinitatioiis of the claim. 

Claim 1 recites "inserting client authentication information into said request 
header at a client computer by a client browser " (emphasis added). 

In contrast, neither Maurin nor Buch teach insertion of authentication information 
at a client computer by a client browser. The Office Action states that paragraphs 24-26 
of Maurin purportedly teach that "authentication information is automatically inserted 
into the request header by a browser on the client." Office Action, page 7, first full 
paragraph, in relation to claim 5, from which the amendment to claim 1 is drawn. 
Paragraphs 24-26 of Maurin, however, merely describe the standard use of cookies, 
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specifically that cookies are collected "by the server machine and sent to the browser of 
the client machine " (Maurin, paragraph 24, emphasis added), and "when the user 
reconnects to the site in question, the browser sends the corresponding cookie to the 
server machine" (Maurin, paragraph 26, emphasis added). Maurin does not teach 
inserting authentication information into a cookie or a request header by the browser. 

Maurin merely teaches the browser receiving cookies from the server and 
returning the received cookie to the server. In Maurin, a certificate is added to a cookie 
header by an "analyzing means." Maurin, Paragraphs 49-51. The analyzing means in 
Maurin is a component of a security module (Maurin, paragraph 32) which is explicitly 
called out as "an intermediate machine" (Maurin, paragraph 30) and is separate from the 
client machine (Maurin, paragraph 17, Figure I). In other words, Maurin teaches adding 
a certificate to a header by a machine other than the client computer . 

Maurin is merely concerned with transmitting a security certificate from a 
security module to a server. Although Maurin describes a security certificate in a cookie 
header, Maurin does not teach insertion of security information into a request header by a 
client browser at a client computer. Rather, Maurin simply teaches a separate security 
module on an intermediate machine that adds a cookie containing elements of a 
certificate. Adding a certificate to a cookie header at an intermediate machine is different 
from inserting client authentication information into a request header at a client machine 
by a client browser. In fact, Maurin is clear that the certificate is added to the cookie 
header by a computer separate from, or, in the language of Maurin, "intermediate" to, the 
client computer. Maurin, paragraphs 17 and 30, Figure 1. Maurin does not teach 
inserting client authentication information into said request header at a client computer by 
a client browser, as recited in claim 1 . 

For the reasons presented above, Maurin does not teach all of the limitations of 
the claim because Maurin does not teach inserting chent authentication information into a 
request header at a client computer by a client browser, as recited in the claim. 
Accordingly, Applicants respectfully assert claim 1 is patentable over the combination 
Maurin and Buch because neither Maurin nor Buch teaches all of the limitations of the 
claim. 
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2. The proposed combination is improper. 

Additionally, claim 1 recites "Method for authenticating clients in a client- server 
environment " (emphasis added), "inserting client authentication information into said 
request header at a client computer " (emphasis added), and "sending said request header 
to said server " (emphasis added). 

Even if the combination of Maurin and Buch were to teach all of the limitations of 
the claim, the proposed combination of Maurin and Buch is nevertheless improper. In 
asserting a combination of references as a basis for an obviousness rejection, the 
proposed combination or modification cannot change the principle of operation of the 
prior art. MPEP 2143.01(VI). 

The proposed combination of Maurin and Buch would change the principle of 
operation of Buch because Buch operates using Session Initiation Protocol (SIP), which 
is a peer-to-peer protocol, and the proposed combination would cause Buch to operate in 
a client- server environment, rather than a peer-to-peer environment. 

The invention of Buch operates using the SIP protocol and is focused on 
authentication of one peer to another peer. Buch, paragraph 1, paragraph 30 "the present 
invention provides a way for SIP parties to perform end-to-end user authentication." SIP 
is a peer-to-peer protocol used for communication between a "callee" and a "caller" in 
which "both are SIP clients." Buch, paragraph 2. 

In contrast, claim 1 recites operation in a client- server environment and sending 
an extended request header to a server. Modification of Buch to operate in such an 
environment would change the principle of operation of Buch. 

The MPEP states that if the proposed modification or combination of the prior art 
would change the principle of operation of the prior art invention being modified, then 
the teachings of the references are not sufficient to render the claims prima facie obvious. 
MPEP 2143.01(VI). Therefore, since the proposed combination of Maurin and Buch 
would result in a change in the principle of operation of Buch — from a peer-to-peer 
system to a client-server system — the proposed combination of cited references is not 
sufficient to render the limitations of claim 1 as prima facie obvious. Accordingly, 
Applicants respectfully assert claim 1 is patentable over the combination of Maurin and 
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Buch because the proposed combination of Maurin and Buch is improper and, hence, 
insufficient to establish a prima facie case of obviousness. 

Independent Claim 8 

Applicants respectfully assert independent claim 8 is patentable over Maurin and 
Buch at least for similar reasons to those stated above in regard to the rejection of 
independent claim 1. In particular, claim 8 recites "inserting authentication information 
into said request header at a client computer by a client browser " (emphasis added). 

Here, although the language of claim 8 differs from the language of claim 1, and 
the scope of claim 8 should be interpreted independently of claim 1 , Applicants 
respectfully assert that the remarks provided above in regard to the rejection of claim 1 
also apply to the rejection of claim 8. Accordingly, Applicants respectfully assert claim 8 
is patentable over Maurin and Buch because neither Maurin nor Buch teach inserting 
authentication information into a request header at a client computer by a client browser. 
Additionally, modification of Buch to operate in the client server environment recited in 
claim 8 would change the principle of operation of Buch. Since modifying a reference in 
a manner that changes the principle of operation of the reference is improper, Applicants 
respectfully assert that the claim is patentable over the combination of Maurin and Buch. 

Independent Claim 12 

Applicants respectfully assert independent claim 12 is patentable over Maurin and 
Buch at least for similar reasons to those stated above in regard to the rejection of 
independent claim 1. In particular, claim 12 recites "a client request header generated at 
a client computer, the request header containing authentication inforaiation inserted into 
the request header by a client computer at a client browser " (emphasis added). 

Here, although the language of claim 12 differs from the language of claim 1, and 
the scope of claim 12 should be interpreted independently of claim 1, Applicants 
respectfully assert that the remarks provided above in regard to the rejection of claim 1 
also apply to the rejection of claim 12. Accordingly, Applicants respectfully assert claim 
12 is patentable over Maurin and Buch because neither Maurin nor Buch teach inserting 
authentication information into a request header at a client computer by a client browser. 
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Additionally, modification of Buch to operate in the client server environment recited in 
claim 12 would change the principle of operation of Buch. Since modifying a reference 
in a manner that changes the principle of operation of the reference is improper, 
Applicants respectfully assert that the claim is patentable over the combination of Maurin 
and Buch. 

Independent Claim 15 

Applicants respectfully assert independent claim 15 is patentable over Maurin and 
Buch at least for similar reasons to those stated above in regard to the rejection of 
independent claim 1. In particular, claim 15 recites "wherein the request header is 
generated by the client and the authentication information is inserted into the request 
header at the client by a client browser " (emphasis added). 

Here, although the language of claim 15 differs from the language of claim 1, and 
the scope of claim 15 should be interpreted independently of claim 1, Applicants 
respectfully assert that the remarks provided above in regard to the rejection of claim 1 
also apply to the rejection of claim 15. Accordingly, Applicants respectfully assert claim 
15 is patentable over Maurin and Buch because neither Maurin nor Buch teach inserting 
authentication information into a request header at a client computer by a client browser. 
Additionally, modification of Buch to operate in the client server environment recited in 
claim 15 would change the principle of operation of Buch. Since modifying a reference 
in a manner that changes the principle of operation of the reference is improper. 
Applicants respectfully assert that the claim is patentable over the combination of Maurin 
and Buch. 

Independent Claim 16 

Applicants respectfully assert independent claim 16 is patentable over Maurin and 
Buch at least for similar reasons to those stated above in regard to the rejection of 
independent claim 1. In particular, claim 16 recites "a browser operating on the client 
computer , and a component operating on the browser for inserting client authentication 
information into said request header" (emphasis added). 
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Here, although the language of claim 16 differs from the language of claim 1, and 
the scope of claim 16 should be interpreted independently of claim 1, Applicants 
respectfully assert that the remarks provided above in regard to the rejection of claim 1 
also apply to the rejection of claim 16. Accordingly, Applicants respectfully assert claim 
16 is patentable over Maurin and Buch because neither Maurin nor Buch teach inserting 
authentication information into a request header at a client computer by a client browser. 
Additionally, modification of Buch to operate in the client server environment recited in 
claim 16 would change the principle of operation of Buch. Since modifying a reference 
in a manner that changes the principle of operation of the reference is improper. 
Applicants respectfully assert that the claim is patentable over the combination of Maurin 
and Buch. 

Independent Claim 20 

Applicants respectfully assert independent claim 20 is patentable over Maurin and 
Buch at least for similar reasons to those stated above in regard to the rejection of 
independent claim 1. In particular, claim 20 recites "inserting client authentication 

information into said request header at a client computer by a client browser " (emphasis 
added). 

Here, although the language of claim 20 differs from the language of claim 1, and 
the scope of claim 20 should be interpreted independently of claim 1, Applicants 
respectfully assert that the remarks provided above in regard to the rejection of claim 1 
also apply to the rejection of claim 20. Accordingly, Applicants respectfully assert claim 
20 is patentable over Maurin and Buch because neither Maurin nor Buch teach inserting 
authentication information into a request header at a client computer by a client browser. 
Additionally, modification of Buch to operate in the client server environment recited in 
claim 20 would change the principle of operation of Buch. Since modifying a reference 
in a manner that changes the principle of operation of the reference is improper, 
Applicants respectfully assert that the claim is patentable over the combination of Maurin 
and Buch. 
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Dependent Claims 

Claims 3-7, 9-11, 13, 14, 17, and 18 depend from and incorporate all of the 
limitations of the corresponding independent claims 1, 8, 12, and 16. Applicants 
respectfully assert claims 3-7, 9-11, 13, 14, 17, and 18 are allowable based on allowable 
base claims. Additionally, each of claims 3-7, 9-11, 13, 14, 17, and 18 may be allowable 
for further reasons. 



Applicants respectfully request reconsideration of the claims in view of the 
amendments and remarks made herein. A notice of allowance is earnestly solicited. 

This response is accompanied by the appropriate fee to obtain a 1 -month 
extension of the period for responding to the Office Action, thereby moving the deadline 
for response from January 17, 2009, to February 17, 2009. 

At any time during the pendency of this application, please charge any fees 
required or credit any over payment to Deposit Account 09-0461 pursuant to 37 C.F.R. 
1.25. Additionally, please charge any fees to Deposit Account 09-0461 under 37 C.F.R. 
1.16, 1.17, 1.19, 1.20 and 1.21. 



CONCLUSION 



Date: January 28, 2009 



Respectfully submitted, 

/Jeffrey T. Holman/ 

Jeffrey T. Holman 
Reg. No. 51,812 



Holman IP Law 

175 South Main Street 

Suite #850 

Salt Lake City, UT 84111 
Phone: (801) 746-5560 
Fax: (801)746-7451 
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